<?php 
    require '../model/Db.php';
    $Db = Db::getInstance();
    $_POST = $Db->escape($_POST);
    $success = false;
	if(isset($_COOKIE['usable'])){
		if($_SESSION['vcode'] == $_POST['vcode']){
			$Db->update([
				table => 'bbs_user',
				map => [
					pwd => sha1(md5($_POST['pwd']))
				],
				where => "`user` = '{$_POST['user']}'"
			]);
		    $Db->close();
			session_unset();
			session_destroy();
			setcookie('usable','',time()-3600,'/nsbbs');
			$msg = "密码修改成功";
			$success = true;
		}else{
			$msg = "验证码不正确";
		}
	}else{
		$msg = "验证码已经过期";
	}
	echo json_encode([msg => $msg,success => $success]);
?>